devis said the following on 8/13/2004 8:01 PM GMT+2:
I am getting nimda probes because nimda from a start was made possible by MS designing a web server full of damn holes ( read not tested, deadlines, time is money ). Do not blame the people not patching their boxes, as it is the problem today, but not the problem that caused it. That is what i am talking about short term memory. Track problem at their source instead of fixing now whats leaking., and will releak soon another way. Aren't we likely to see a new worm attacking MS systems in the next future ? Of course we will. Time to stop pretending computing is easy just to sell their damn sofware, and educate people about computer security, which is the reverse of what they have been doing, for all these years. Applauding the change of direction ? I don't cause it is higly hypocrit, otherwise the new pop up blocker of Internet Explorer will block ALL popups.
MS web server full of damn holes? What about apache ? What do you think would happen if you do not update your apache for a year, or openssh, or any piece of software ? What do you think would happen if you did not apply those MaxOSX updates which Apple released over the past few months? Don't talk about releaking and only mention Microsoft. There are opensource programs which have the same track record.
All comes down to staying up-to-date, and patch.
> Beside, the unix based permissions system has proven far superior, ask
I'd say NTFS is pretty advanced too. In some ways it is better.
> apple. Still shameful that the default XP install, in 2004, at these > malware times, still logs you as an administrator . Would you feel safe > using ur *nix box as root everyday ? I wouldn't.
XP install asks for an administrator password, *and* to add one, or more normal users. I see the same behavior in some Linux distributions. (e.g. slackware does not ask you to create a user account during install).
Kind regards,
Niek Baakman
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html